package com.example.demo.controller;


import com.yuapi.yuapiclientsdk.model.User;
import com.yuapi.yuapiclientsdk.utils.SignUtils;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletRequest;

/**
 * 名称 API
 */
@RestController
@RequestMapping("/name")
public class NameController {

    @GetMapping("/get")
    public  String getNameBYGet(String name,HttpServletRequest request){
        System.out.println(request.getHeader("yupi"));
        return "GET 你的名字是" + name;
    }

/*    @GetMapping("/")
    public String getNameByGet(String name) {
        return "GET 你的名字是" + name;
    }*/

    @PostMapping("/post")
    public String getNameByPost(@RequestParam String name) {
        return "POST 你的名字是" + name;
    }

    @PostMapping("/user")
    //用于测试
   /* public String getUserNameByPost(@RequestBody User user) {
        return "POST 用户名字是" + user.getUsername();
    }*/
    public String getUserNameByPost(@RequestBody User user, HttpServletRequest request) {
/*        String accessKey = request.getHeader("accessKey");
        String secretKey = request.getHeader("secretKey");
        if (!accessKey.equals("yupi") || !secretKey.equals("abcdefgh")){
            // 抛出一个运行时异常，表示权限不足
            throw new RuntimeException("无权限");
        }*/

        // 从请求头中获取参数
        String accessKey = request.getHeader("accessKey");
        String nonce = request.getHeader("nonce");
        String timestamp = request.getHeader("timestamp");
        String sign = request.getHeader("sign");
        String body = request.getHeader("body");

        // todo 实际情况应该是去数据库中查是否已分配给用户
        if (!accessKey.equals("yupi")){
            throw new RuntimeException("无权限");
        }
        // 校验随机数，模拟一下，直接判断nonce是否大于10000
        if (Long.parseLong(nonce) > 10000) {
            throw new RuntimeException("无权限");
        }

        // todo 时间和当前时间不能超过5分钟
//        if (timestamp) {}

        //todo 实际情况是从数据库查出 secreKey
        String serverSign = SignUtils.genSign(body,"abcdefgh");
        if(!sign.equals(serverSign)){
            throw new RuntimeException("无权限");
        }


        // 如果权限校验通过，返回 "POST 用户名字是" + 用户名

        String result =   "POST 用户名字是" + user.getUsername();
        return  result;
    }

}